In modern society, individuals are associated with a vast array of personal data. Some examples of such personal data include but are not limited to name, address, date of birth, nationality, social security number, passport number, driver's license number, membership number (for a given organization), maiden name (if applicable), mother's maiden name, employer information, bank account number, credit card number etc. This personal data is used in a multitude of ways as and when individuals interact with other individuals and organizations. Many of these interactions depend heavily on the accuracy of a data set that is both particular to the individual and necessary for the interaction in question. Accordingly, because each such data set (hereafter referred to as a “credential set”) is both particular to an individual and necessary for the interaction, it is sensitive information that desirably is retained in a state of privity. The information is sensitive (and desirably retained in a state of privity) additional relevant data, such as data pertaining to additional security features, for example, a secret keycode associated with a given instrument. It will be understood that even if it is intended to release a credential set from a record, it may be necessary to ensure that the associated data is never released, particularly where it pertains to additional security features.
Such record registries are typically populated in the following way. The credential set pertaining to a presenter is furnished to the controller and the credential set is verified and validated. Once the credential set is verified and validated, an instrument is produced bearing the credential set, and this credential set is provided to the presenter. The credential set is also entered into a new record on the record registry and typically supplemented with any data pertaining to the corresponding instrument (such as serial number, etc.) and any other relevant data (such as additional security feature data including but not limited to biometrics etc.).
Ways have evolved to render credential sets onto such bespoke instruments. Historically, such data may have been inked, typed or labeled on the issued instrument. Subsequently, such data may have been embossed or engraved or encoded or embedded on the issued instrument. More recently, machine-readable media (such as magnetic stripes or chips) have been used as instruments, the relevant credential sets being stored electronically on such media. The format of many instruments (and the format in which credential sets are stored thereon) is governed by the International Organization for Standardization. For example, ISO 7501 governs the format of machine-readable travel documents; ISO 7810 and ISO 7811 govern the format of identification cards; and ISO 7812 and ISO 7816 govern the manner in which cards may be provided from different issuers.
In spite of advances in the provision of instruments bearing presenter credential sets, there remains the danger of fraud. It remains necessary to be able to both verify that the presenter bearing the instrument comprising the credential set is the valid/authentic presenter (i.e. that the instrument has not been stolen or cloned and hence is not being used fraudulently) and also to verify that the proffered instrument comprising the credential set is indeed authentic (i.e. that the credentials are accurate and that the instrument is not a complete forgery). This is an issue of increasing concern as bearers of such instruments release their credential sets on an increasingly frequent basis. While the credential sets are initially held in an environment of confidentiality/privacy, existing between the presenters of credential sets and their controllers, this environment of confidentiality/privacy is jeopardized whenever the credential set is released during an exchange with a third party. While improvements in the security of the means by which credential sets are released have sought to bolster this environment of confidentiality/privacy, weaknesses still persist.
For example, even with the advent of automated systems for reading passport instruments, when a passenger presents their passport to any check point officer or any border control agency (the “accepter”), the controlled credentials on the issued instrument are visible to and handled by the accepter prior to and after capturing the controlled credentials in the reading device. If, in contravention of privacy policy, said credentials as viewed are copied and shared by the accepter, not just captured and processed, the state of privity in which the passport instrument credentials originally resided is compromised. Similar deficiencies exist for other instruments for which automated credential capture systems have been developed, such as driving licenses, loyalty/membership cards, and payment cards.
There remains a need for improved methods and systems by which presenters may proffer credential sets during exchanges with other individuals or organizations in a manner that guarantees both the authenticity of the credential set, and the authenticity of the presenter bearing the credential set. It would be highly desirable to provide methods and systems that ensure an environment of complete confidentiality/privacy for credential sets when being disclosed. It would be strongly preferable for any such improved methods and systems to be backwardly compatible with existing methods and systems that are in common usage such that the improved methods and systems may be phased in smoothly and gradually. This would be highly advantageous as it would eliminate the need for costly and time-consuming transitions to new systems and methods. It would further be preferable for any new improved methods and systems to be scalable such that they may cater for a plurality of diverse credential sets through a single system and method.